We introduce the process calculus Multi-CCS, which extends conservatively CCS with an operator
of strong prefixing able to model atomic sequences of actions as well as multiparty synchronization.
Multi-CCS is equipped with a labeled transition system semantics, which makes use of a minimal
structural congruence. Multi-CCS is also equipped with an unsafe P/T Petri net semantics by means
of a novel technique. This is the first rich process calculus, including CCS as a subcalculus, which
receives a semantics in terms of unsafe, labeled P/T nets. The main result of the paper is that a class
of Multi-CCS processes, called finite-net processes, is able to represent all finite (reduced) P/T nets.



1 Introduction 

Labeled transition systems with finitely many states and transitions can be expressed by the CCS [18]
sub-calculus of finite-state processes, i.e., the sequential processes generated from the empty process
$0$, prefixing $\mu.p$, alternative composition $p_1 + p_2$ and a finite number of process constants $C$, each one
equipped with a defining equation $C \stackrel{def}{=} p$. Intuitively, each state $s_i$ is modeled by a constant $C_i$, whose
defining equation contains one summand $a_j.C_j$ for each transition leaving state $s_i$ labeled by action $a_j$
and reaching the state $s_j$. This celebrated result of Milner offers a process calculus to express, up to
isomorphism, all finite-state labeled transition systems. The main advantage of this result is that (i)
finite-state lts's can be defined compositionally, and (ii) behavioral equivalences over finite-state lts's
can be axiomatized [19].

This paper addresses the same language expressibility problem for finite labeled Place/Transition
Petri nets without capacity bounds on places. We single out a fragment of an extension of CCS, called
Multi-CCS, such that not only all processes of this fragment generate finite P/T nets, but also for any
finite (reduced) P/T net we can find a term of the calculus that generates it. This solves the open
problem of providing a process calculus for general Petri nets, and opens interesting possibilities of
cross-fertilization between the areas of Petri nets and process calculi. In particular, it is now possible, on the
one hand, (i) to define any finite P/T net compositionally and (ii) to start the investigation of
axiomatization for behavioral equivalences over such a large class of nets; on the other hand, it is now possible
(iii) to reuse all the techniques and decidability results available for P/T nets also for (this fragment of)
Multi-CCS, as well as (iv) define non-interleaving semantics, typical of Petri nets, also for Multi-CCS.

We equip Multi-CCS with an operational net semantics that takes inspiration from Goltz's idea of 
using unsafe, labeled P/T nets JUHKlOl for a CCS subcalculus without restriction, and Busi & Gorrieri 
net semantics for $\pi$-calculus [3], where however inhibitor arcs are used to model restriction. The
extension of the approach to restriction and strong prefixing is not trivial and passes through the introduction
of an auxiliary set of restricted actions and the definition of a suitable notion of syntactic substitution. 
We prove a soundness result, i.e., p and Net(p) are strongly bisimilar, where the net Net(p) is the subnet 
reachable from the marking associated to process p. 
The Multi-CCS sub-calculus of finite-net processes is generated as follows:

$s ::= 0 \mid \mu.t \mid \underline{\mu}.t \mid s + s$
$t ::= s \mid t \,|\, t \mid C$
$p ::= t \mid (\nu a)p \mid p \,|\, p$

where the operator $\underline{\mu}.t$, called strong prefixing (in opposition to normal prefixing), expresses that action
$\mu$ is the initial part of an atomic sequence of actions that continues with $t$. This operator, introduced in
[12], is also at the base of multiparty synchronization, obtained as an atomic sequence of binary CCS-like
synchronizations. As a constant $C \stackrel{def}{=} t$, we have that parallel composition $|$ may occur inside the body $t$
of recursively defined constants; hence, finite-net processes are infinite-state processes. On the contrary,
restriction $(\nu a)$ is not allowed in the body of recursively defined constants. We also require that the
alternative composition $+$ is guarded, i.e., all summands are sequential. Finally, constants are assumed
to be guarded, i.e., in any defining equation each constant occurs inside a normally prefixed subprocess $\mu.t$.

We prove that the operational net semantics associates a finite P/T net $Net(p)$ to any finite-net process
$p$. Conversely, we also prove that for any finite reduced P/T net $N$, we can find a finite-net process $p_N$ such
that $Net(p_N)$ and $N$ are isomorphic. The construction of the finite-net process $p_N$ from a net $N$ associates
to each place $s_i$ of the net a process constant $C_i$, whose defining equation contains one summand for
each transition for which place $s_i$ is an input; moreover, as multiparty synchronization is implemented
as an atomic sequence of binary synchronizations, for each transition there is the need to elect a leader
among its places in the preset that coordinates the actual multiparty synchronization. Some examples are
presented to illustrate the approach.

The paper is organized as follows. Section 2 contains some basic background. Section 3 introduces 
the process calculus Multi-CCS, together with some examples (dining philosophers and concurrent
readers/writers). Section 4 defines the operational net semantics for Multi-CCS. Section 5 provides the
soundness theorem ($p$ and $Net(p)$ are bisimilar) and the finiteness theorem (for any finite-net process $p$,
$Net(p)$ is finite). Section 6 proves the language expressibility theorem (for any finite reduced P/T net $N$
there exists a finite-net process $p_N$ such that $N$ is isomorphic to $Net(p_N)$). Finally, some conclusions are
drawn in Section 7. 

2 Background 

2.1 Labeled transition systems and bisimulation 

Definition 1 A labeled transition system is a triple $TS = (St, A, \to)$ where $St$ is the set of states, $A$ is the
set of labels, $\to \subseteq St \times A \times St$ is the transition relation. In the following $s \xrightarrow{a} s'$ denotes $(s, a, s') \in \to$. A
rooted transition system is a pair $(TS, s_0)$ where $TS = (St, A, \to)$ is a transition system and $s_0 \in St$ is the
initial state.

Definition 2 A bisimulation between $TS_1$ and $TS_2$ is a relation $R \subseteq (St_1 \times St_2)$ such that if $(s_1, s_2) \in R$
then for all $a \in (A_1 \cup A_2)$

• $\forall s_1'$ such that $s_1 \xrightarrow{a} s_1'$, $\exists s_2'$ such that $s_2 \xrightarrow{a} s_2'$ and $(s_1', s_2') \in R$

• $\forall s_2'$ such that $s_2 \xrightarrow{a} s_2'$, $\exists s_1'$ such that $s_1 \xrightarrow{a} s_1'$ and $(s_1', s_2') \in R$.

If $TS_1 = TS_2$ we say that $R$ is a bisimulation on $TS_1$. Two states $s$ and $s'$ are bisimilar, $s \sim s'$, if there
exists a bisimulation $R$ such that $(s, s') \in R$.
2.2 Place/Transition Petri nets

Definition 3 Let $\mathbb{N}$ be the set of natural numbers. Given a set $S$, a finite multiset over $S$ is a function
$m : S \to \mathbb{N}$ such that the set $dom(m) = \{s \in S \mid m(s) \neq 0\}$ is finite. The multiplicity of $s$ in $m$ is given by
the number $m(s)$. The set of all finite multisets over $S$, $\mathcal{M}_{fin}(S)$, is ranged over by $m$. $\mathcal{P}_{fin}(S)$ is the set
of all finite sets over $S$. We write $m \subseteq m'$ if $m(s) \leq m'(s)$ for all $s \in S$. The operator $\oplus$ denotes multiset
union: $(m \oplus m')(s) = m(s) + m'(s)$. The operator $\setminus$ denotes (limited) multiset difference: $(m \setminus m')(s) =$ if
$m(s) > m'(s)$ then $m(s) - m'(s)$ else $0$. The scalar product of a number $j$ with $m$ is $(j \cdot m)(s) = j \cdot (m(s))$.
A finite multiset $m$ over $S = \{s_1, s_2, \ldots\}$ can be also represented as $k_1 s_{i_1} \oplus k_2 s_{i_2} \oplus \ldots \oplus k_n s_{i_n}$, where
$dom(m) = \{s_{i_1}, \ldots, s_{i_n}\}$ and $k_j = m(s_{i_j})$ for $j = 1, \ldots, n$.

Definition 4 A labeled P/T Petri net is a tuple $N = (S, A, T)$, where $S$ is the set of places, $A$ is a set of
labels and $T \subseteq \mathcal{M}_{fin}(S) \times A \times \mathcal{M}_{fin}(S)$ is the set of transitions. A P/T net is finite if both $S$ and $T$ are
finite. A finite multiset over $S$ is called a marking. Given a marking $m$ and a place $s$, we say that the
place $s$ contains $m(s)$ tokens. Given a transition $t = (m, a, m')$, we use the notation ${}^\bullet t$ to denote its preset
$m$, $t^\bullet$ for its postset $m'$ and $l(t)$ for its label $a$. Hence, transition $t$ can be also represented as ${}^\bullet t \xrightarrow{l(t)} t^\bullet$.

Definition 5 Given a labeled P/T net $N = (S, A, T)$, we say that a transition $t$ is enabled at marking $m$,
written as $m[t\rangle$, if ${}^\bullet t \subseteq m$. The execution of $t$ enabled at $m$ produces the marking $m' = (m \setminus {}^\bullet t) \oplus t^\bullet$. This
is written as $m[t\rangle m'$.

A P/T system is a tuple $N(m_0) = (S, A, T, m_0)$, where $(S, A, T)$ is a P/T net and $m_0$ is a finite multiset
over $S$, called the initial marking. The set of markings reachable from $m$, denoted $[m\rangle$, is defined as the
least set such that $m \in [m\rangle$ and if $m_1 \in [m\rangle$ and, for some transition $t \in T$, $m_1[t\rangle m_2$, then $m_2 \in [m\rangle$. We
say that $m$ is reachable if $m$ is reachable from the initial marking $m_0$. A P/T system is said to be safe if
any place contains at most one token in any reachable marking, i.e. $m(s) \leq 1$ for all $s \in S$ and for all
$m \in [m_0\rangle$.

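Definition 6 A P/T system $N(m_0) = (S, A, T, m_0)$ is reduced if $\forall s \in S$ $\exists m \in [m_0\rangle$ such that $m(s) \geq 1$, and
$\forall t \in T$ ${}^\bullet t \neq \emptyset \wedge \exists m \in [m_0\rangle$ such that $m[t\rangle$.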

Definition 7 The interleaving marking graph of $N(m_0)$ is the lts $IMG(N(m_0)) = ([m_0\rangle, A, \to, m_0)$, where
$m_0$ is the initial state and the transition relation is defined by $m \xrightarrow{l(t)} m'$ iff there exists a transition $t \in T$
such that $m[t\rangle m'$. The P/T systems $N_1(m_1)$ and $N_2(m_2)$ are interleaving bisimilar ($N_1 \sim N_2$) iff there exists
a strong bisimulation relating the initial states of $IMG(N_1(m_1))$ and $IMG(N_2(m_2))$.

Definition 8 Given two P/T net systems $N_1(m_0^1)$ and $N_2(m_0^2)$, we say that $N_1$ and $N_2$ are isomorphic if
there exists a bijection $f : S_1 \to S_2$, homomorphically extended to markings, such that $f(m_0^1) = m_0^2$ and
$(m, a, m') \in T_1$ iff $(f(m), a, f(m')) \in T_2$.

3 Multiparty synchronization in CCS 

In this section we present Multi-CCS, obtained as a variation over $A^2CCS$ [12][11]: the main differences
are that in Multi-CCS the parallel operator is associative, and the synchronization relation on sequences 
is less verbose. Then, two case studies are presented. 

3.1 Multi-CCS 

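Let $\mathcal{L}$ be a denumerable set of channel names, ranged over by $a, b, \ldots$. Let $\overline{\mathcal{L}}$ be the set of co-names,
ranged over by $\bar{a}, \bar{b}, \ldots$. The set $\mathcal{L} \cup \overline{\mathcal{L}}$, ranged over by $\alpha, \beta, \ldots$, is the set of visible actions. With $\bar{\alpha}$ we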



R. Gorrieri & C. Versari 






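(Pref)  $\mu.p \xrightarrow{\mu} p$

(S-pref)  $\dfrac{p \xrightarrow{\sigma} p'}{\underline{\mu}.p \xrightarrow{\mu\sigma} p'}$

(Sum)  $\dfrac{p \xrightarrow{\sigma} p'}{p + q \xrightarrow{\sigma} p'}$

(Com)  $\dfrac{p \xrightarrow{\sigma_1} p' \quad q \xrightarrow{\sigma_2} q'}{p \,|\, q \xrightarrow{\sigma} p' \,|\, q'}$   $Sync(\sigma_1, \sigma_2, \sigma)$

(Par)  $\dfrac{p \xrightarrow{\sigma} p'}{p \,|\, q \xrightarrow{\sigma} p' \,|\, q}$

(Res)  $\dfrac{p \xrightarrow{\sigma} p'}{(\nu a)p \xrightarrow{\sigma} (\nu a)p'}$   $a, \bar{a} \notin n(\sigma)$

(Cong)  $\dfrac{p \equiv p' \xrightarrow{\sigma} q' \equiv q}{p \xrightarrow{\sigma} q}$

(Cons)  $\dfrac{p \xrightarrow{\sigma} p'}{C \xrightarrow{\sigma} p'}$   $C \stackrel{def}{=} p$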

Table 1: Operational semantics (symmetric rules for (Sum) and (Par) omitted) 

mean the complement of $\alpha$, assuming that $\bar{\bar{\alpha}} = \alpha$. Let $Act = \mathcal{L} \cup \overline{\mathcal{L}} \cup \{\tau\}$, such that $\tau \notin \mathcal{L} \cup \overline{\mathcal{L}}$, be the
set of actions, ranged over by $\mu$. Action $\tau$ denotes an invisible, internal activity. Let $\mathcal{C}$ be a denumerable
set of process constants, disjoint from $Act$, ranged over by $A, B, C, \ldots$. The process terms are generated
from actions and constants by:

$p ::= 0 \mid \mu.q \mid \underline{\mu}.q \mid p + p$    sequential processes
$q ::= p \mid q \,|\, q \mid (\nu a)q \mid C$    processes

where $0$ is the terminated process, $\mu.q$ is a normally prefixed process where action $\mu$ (that can be either
an input $a$, an output $\bar{a}$ or a silent move $\tau$) is first performed and then $q$ is ready, $\underline{\mu}.q$ is a strongly prefixed
process where $\mu$ is the first action of a transaction that continues with $q$ (provided that $q$ can complete
the transaction), $p + p'$ is the sequential process obtained by the alternative composition of sequential
processes $p$ and $p'$, $q \,|\, q'$ is the parallel composition of $q$ and $q'$, $(\nu a)q$ is process $q$ where the (input)
name $a$ is made private (restriction), $C$ is a process constant, equipped with a defining equation $C \stackrel{def}{=} q$.

The set $\mathcal{P}$ of processes contains those terms which are, w.r.t. process constants they use, closed (all
the constants possess a defining equation) and guarded (for any defining equation $C \stackrel{def}{=} q$, any occurrence
of $C$ in $q$ is within a normally prefixed subprocess $\mu.q'$ of $q$). With abuse of notation, $\mathcal{P}$ will be ranged
over by $p, q, \ldots$; $\mathcal{P}_{seq}$ is the set of sequential processes.

The operational semantics for Multi-CCS is given by the labelled transition system $(\mathcal{P}, \mathcal{A}, \to)$,
where the states are the processes in $\mathcal{P}$, $\mathcal{A} = Act^*$ is the set of labels (ranged over by $\sigma$), and $\to \subseteq
\mathcal{P} \times \mathcal{A} \times \mathcal{P}$ is the minimal transition relation generated by the rules listed in Table 1.

We briefly comment on the rules that are less standard. Rule (S-pref) allows for the creation of
transitions labeled by non-empty sequences of actions. In order for $\underline{\mu}.q$ to make a move, it is necessary
that $q$ can perform a transition, i.e., the rest of the transaction. Hence, $\underline{\mu}.0$ cannot perform any action. If
a transition is labeled by $\sigma = \mu_1 \ldots \mu_n$, then all the actions $\mu_1 \ldots \mu_{n-1}$ are due to strong prefixes, while
$\mu_n$ to a normal prefix. Rule (Com) has a side-condition on the possible synchronizability of sequences
$\sigma_1$ and $\sigma_2$. $Sync(\sigma_1, \sigma_2, \sigma)$ holds if $\sigma$ is obtained from an interleaving (possibly with synchronizations)
of $\sigma_1$ and $\sigma_2$, where the last action of one of the two sequences is to be synchronized, hence reflecting
that the subtransaction that ends first signals this fact (i.e., commits) to the other subtransaction. Relation
$Sync$ is defined by the inductive rules of Table 2. Rule (Res) requires that no action in $\sigma$ can be $a$ or $\bar{a}$.
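$Sync(\alpha, \bar{\alpha}, \tau)$    $\dfrac{\sigma \neq \epsilon}{Sync(\alpha\sigma, \bar{\alpha}, \sigma)}$    $\dfrac{\sigma \neq \epsilon}{Sync(\alpha, \bar{\alpha}\sigma, \sigma)}$

$\dfrac{Sync(\sigma_1, \sigma_2, \sigma)}{Sync(\alpha\sigma_1, \bar{\alpha}\sigma_2, \sigma)}$    $\dfrac{Sync(\sigma_1, \sigma_2, \sigma)}{Sync(\alpha\sigma_1, \sigma_2, \alpha\sigma)}$    $\dfrac{Sync(\sigma_1, \sigma_2, \sigma)}{Sync(\sigma_1, \alpha\sigma_2, \alpha\sigma)}$

$\dfrac{Sync(\sigma_1, \sigma_2, \sigma)}{Sync(\tau\sigma_1, \sigma_2, \sigma)}$    $\dfrac{Sync(\sigma_1, \sigma_2, \sigma)}{Sync(\sigma_1, \tau\sigma_2, \sigma)}$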

Table 2: Synchronization relation 

$n(\sigma)$ denotes the set of all actions occurring in $\sigma$. Rule (Cong) makes use of a structural congruence $\equiv$
on process terms induced by the following three equations:

$(p \,|\, q) \,|\, r \equiv p \,|\, (q \,|\, r)$

$(\nu a)(p \,|\, q) \equiv p \,|\, (\nu a)q$   if $a$ is not free in $p$.

$(\nu a)p \equiv (\nu b)(p\{b/a\})$   if $b$ is not free in $p$.

The first equation is for associativity of the parallel operator; the second one allows for enlargement of
the scope of restriction; the last equation is the so-called law of alpha-conversion, which makes use of
syntactic substitution$^1$. Rule (Cong) enlarges the set of transitions derivable from $p$, as the following
example shows. Also, it is necessary to ensure validity of Proposition 14.



Example 1 (Multi-party synchronization) Assume three processes want to synchronize. This can be
expressed in Multi-CCS. E.g., consider processes $p = \underline{a}.a.p'$, $q = \bar{a}.q'$ and $r = \bar{a}.r'$ and the whole system
$P = (\nu a)((p \,|\, q) \,|\, r)$. It is easy to see that $P \xrightarrow{\tau} (\nu a)((p' \,|\, q') \,|\, r')$ (and this can be proved in two ways),
so the three processes have synchronized in one single atomic transition. It is interesting to observe that
$P' = (\nu a)(p \,|\, (q \,|\, r))$ could not perform the multiway synchronization if rule (Cong) were not allowed.

Example 2 (Guardedness) We assume that each process constant in a defining equation occurs inside
a normally prefixed subprocess $\mu.q$. This will prevent infinitely branching sequential processes. E.g.,
consider the non legal process $A \stackrel{def}{=} \underline{a}.A + b.0$. According to the operational rules, $A$ has infinitely many
transitions leading to $0$, each of the form $a^n b$, for $n = 0, 1, \ldots$.

Two terms $p$ and $q$ are interleaving bisimilar, written $p \sim q$, if there exists a bisimulation $R$ such that
$(p, q) \in R$. Observe that $(\nu a)(\nu b)p \sim (\nu b)(\nu a)p$, which allows for a simplification in the notation that
we usually adopt, namely restriction on a set of names, e.g., $(\nu a, b)p$.

3.2 Case studies 

Example 3 (Dining Philosophers) This famous problem, defined by Dijkstra in can be solved in 
Multi-CCS. Five philosophers sit at a round table, each with a private plate, and each of the five forks
is shared by two neighbors. Philosophers can think and eat; in order to eat, a philosopher has to acquire 
both forks that he shares with his neighbors, starting from the fork at his left and then the one at his right. 



$^1$ In this paper we use a slightly different definition of syntactic substitution in that $((\nu a)q)\{b/a\} = (\nu b)q\{b/a\}$ if $b$ is
not free in $q$, so that also the bound name $a$ is converted. This is necessary in the net semantics, in order to be sure that a
substitution $\{b/a\}$ will be eventually applied to any inner constant $C$ (defined as $p$) in $q$; the result of $C\{b/a\}$ is a new constant
$C_{\{b/a\}} \stackrel{def}{=} p\{b/a\}$. See Example 6 for an application of this idea.
All philosophers behave the same, so the problem is intrinsically symmetric. Clearly a naive solution
would cause deadlock exactly when all five philosophers take the fork at their left at the same time and
are waiting for the fork at their right. A simple solution is to force atomicity on the acquisition of the two
forks. In order to have a small net model, we consider the case of two philosophers only. The forks can
be defined by the constants $fork_i$:

$fork_i \stackrel{def}{=} \overline{up}_i.\overline{dn}_i.fork_i$   for $i = 0, 1$

The two philosophers can be described as

$phil_i \stackrel{def}{=} think.phil_i + \underline{up_i}.up_{i+1}.eat.\underline{dn_i}.dn_{i+1}.phil_i$   for $i = 0, 1$

where $i + 1$ is computed modulo 2 and the atomic sequence $up_i\,up_{i+1}$ ensures the atomic acquisition of
the two forks. The whole system is

$DF \stackrel{def}{=} (\nu L)(((phil_0 \,|\, phil_1) \,|\, fork_0) \,|\, fork_1)$

where $L = \{up_0, up_1, dn_0, dn_1\}$. Note that the operational semantics generates a finite-state lts for $DF$.

Example 4 (Concurrent readers and writers) There are several variants of this problem, defined in 
which can be solved in Multi-CCS. Processes are of two types: reader processes and writer
processes. All processes share a common file; so, each writer process must exclude all the other writers and
all the readers while writing on the file, while multiple reader processes can access the shared file
simultaneously. Assume to have $n$ readers, $m$ writers and that at most $k < n$ readers can read simultaneously.
A writer must prevent all the $k$ possible concurrent reading operations. A simple solution is to force
atomicity on the acquisition of the $k$ locks so that either all are taken or none. To make the presentation
simple, assume that $n = 4$, $k = 3$, $m = 2$. Each reader process $R$, each lock process $L$, each writer $W$ can
be represented as follows, where action $l$ stands for lock and $u$ for unlock:

$R \stackrel{def}{=} l.read.u.R$    $L \stackrel{def}{=} \bar{l}.\bar{u}.L$    $W \stackrel{def}{=} \underline{l}.\underline{l}.l.write.u.u.u.W$

$Sys \stackrel{def}{=} (\nu l, u)((((((R \,|\, R) \,|\, (R \,|\, R)) \,|\, (W \,|\, W)) \,|\, L) \,|\, L) \,|\, L)$

It is easy to see that the labeled transition system for $Sys$ is finite-state.

4 Operational Net Semantics 

In this section we first describe a technique for building a P/T net for the whole Multi-CCS, starting
from a description of its places and of its net transitions. The resulting net $N_{MCCS} = (S_{MCCS}, \mathcal{A}, T_{MCCS})$
is such that, for any $p \in \mathcal{P}$, the net system $N_{MCCS}(dec(p))$ reachable from the initial marking $dec(p)$ is
a reduced P/T net.

4.1 Places and markings 

The Multi-CCS processes are built upon the denumerable set $\mathcal{L} \cup \overline{\mathcal{L}}$, ranged over by $\alpha$, of visible
actions. We assume to have another denumerable set $\mathcal{N} \cup \overline{\mathcal{N}}$, ranged over by $\delta$, of auxiliary restricted
actions. The set of all actions $Act' = \mathcal{L} \cup \overline{\mathcal{L}} \cup \mathcal{N} \cup \overline{\mathcal{N}} \cup \{\tau\}$, ranged over by $\mu$ with abuse of notation,
is used to build the enlarged set of processes we denote with $\mathcal{P}^{\mathcal{N}}$.

The infinite set of places, ranged over by $s$ (possibly indexed), is $S_{MCCS} = \mathcal{P}^{\mathcal{N}}_{seq}$, i.e., the set of all
sequential processes over $Act'$.

Function $dec : \mathcal{P}^{\mathcal{N}} \to \mathcal{M}_{fin}(S_{MCCS})$ (see Table 3) defines the decomposition of processes into
markings. Agent $0$ generates no places. The decomposition of a sequential process $p$ produces one place with
name $p$. This is the case of $\mu.p$, $\underline{\mu}.p$ and $p + p'$. Parallel composition is interpreted as multiset union;
the decomposition of, e.g., $a.0 \,|\, a.0$ produces the marking $a.0 \oplus a.0 = 2a.0$. The decomposition of a
restricted process $(\nu a)q$ generates the multiset obtained from the decomposition of $q$ where the new
restricted name $a' \in \mathcal{N}$ is substituted for the bound name $a$. Finally, a process constant is first unwound
once (according to its defining equation) and then decomposed.

$dec(0) = \emptyset$
$dec(\mu.p) = \{\mu.p\}$
$dec(\underline{\mu}.q) = \{\underline{\mu}.q\}$
$dec(p + p') = \{p + p'\}$
$dec((\nu a)q) = dec(q\{a'/a\})$   $a' \in \mathcal{N}$ is a new restricted action
$dec(q \,|\, q') = dec(q) \oplus dec(q')$
$dec(C) = dec(p)$   if $C \stackrel{def}{=} p$

Table 3: Decomposition function

It is possible to prove that the decomposition function $dec$ is well-defined by induction on a suitably
defined notion of complexity of terms (following [21] page 52). Guardedness (even w.r.t. any kind of
prefix) of constants is essential to prove the following obvious fact.

Proposition 9 For any process $p \in \mathcal{P}^{\mathcal{N}}$, $dec(p)$ is a finite multiset of places. □
Note that $dec$ is not injective; e.g., $dec(a.0 \,|\, b.0) = dec(b.0 \,|\, a.0)$.

Note that a fresh restricted name $a'$ is to be generated for each of the $dec$ applications on the
right-hand-side of the transition schemata we will describe in the next section. So in a recursive term, e.g.,
$A = (\nu a)(a.A \,|\, b.A)$, there may be the need for an unbounded number of fresh names.

4.2 Net transitions 

Let $\to \subseteq \mathcal{M}_{fin}(S_{MCCS}) \times \mathcal{B} \times \mathcal{M}_{fin}(S_{MCCS})$, where $\mathcal{B} = Act'^*$, be the least set of transitions generated by
the rules in Table 4.

Let $H, K$, possibly indexed, range over $\mathcal{M}_{fin}(S_{MCCS})$. In a transition $H \xrightarrow{\sigma} K$, $H$ is the multiset of
tokens to be consumed, $\sigma$ is the label of the transition and $K$ is the multiset of tokens to be produced.

Let us comment on the rules. Axiom (pref) states that if one token is present in $\{\mu.q\}$ then a $\mu$-labeled
transition is derivable, producing the tokens specified by $dec(q)$. This holds for any $\mu$, i.e., for the
invisible action $\tau$, for any visible action $\alpha$ as well as for any restricted action $\delta$. Transitions labeled by
restricted actions should not be taken in the resulting net, as we restrict ourselves to transitions labeled by
sequences of visible actions only (and $\tau$). However, they are useful in producing normal synchronization,
as two complementary restricted actions can produce a $\tau$-labeled transition. Rule (s-pref) requires that
the premise transition $H \xrightarrow{\sigma} H'$ is derivable by the rules, where $H$ is a submultiset of $dec(q)$. Rule (sum)
is as expected. Finally, rule (com) explains how synchronization takes place: it is needed that $H$ and $K$
perform synchronizable sequences $\sigma_1$ and $\sigma_2$, producing $\sigma$; here we assume that $Sync$ has been extended
also to restricted actions in the obvious way.

Note that transitions can be labeled also by restricted actions, while we are interested only in
transitions that are labeled on $\mathcal{A} = Act^*$. Hence, the P/T net for Multi-CCS is the triple $N_{MCCS} = (S_{MCCS}, \mathcal{A},
T_{MCCS})$, where the infinite set $T_{MCCS} = \{(H, \sigma, K) \mid H \xrightarrow{\sigma} K \wedge \sigma \in \mathcal{A}\}$ is obtained by keeping only
those transitions where no restricted name $\delta$ occurs in $\sigma$.
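(pref)  $\{\mu.q\} \xrightarrow{\mu} dec(q)$

(sum)  $\dfrac{\{p\} \xrightarrow{\sigma} H}{\{p + p'\} \xrightarrow{\sigma} H}$

(s-pref)  $\dfrac{H \xrightarrow{\sigma} H'}{\{\underline{\mu}.q\} \xrightarrow{\mu\sigma} H' \oplus K}$   $H \oplus K = dec(q)$

(com)  $\dfrac{H \xrightarrow{\sigma_1} H' \quad K \xrightarrow{\sigma_2} K'}{H \oplus K \xrightarrow{\sigma} H' \oplus K'}$   $Sync(\sigma_1, \sigma_2, \sigma)$
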
Table 4: Rules for net transitions (symmetric rule for (sum) omitted). 



Proposition 10 Let $t = H \xrightarrow{\sigma} H'$ be a transition. Let $p$ be such that $dec(p) = H \oplus K$ and let $t$ be enabled
at $dec(p)$. Then $H' \oplus K = dec(p')$ for some $p'$.

Proof: By induction on the definition of $dec(p)$ and then on the proof of $t$. □

Given a process $p$, the P/T system associated to $p$ is the subnet of $N_{MCCS}$ reachable from the initial
marking $dec(p)$. We indicate with $Net(p)$ such a subnet.

Definition 11 Let $p$ be a process. The P/T system associated to $p$ is $Net(p) = (S_p, A_p, T_p, m_0)$, where
$m_0 = dec(p)$ and

$S_p = \{s \in S_{MCCS} \mid \exists m \in [m_0\rangle (m(s) > 0)\}$
$T_p = \{t \in T_{MCCS} \mid \exists m \in [m_0\rangle$ s.t. $m[t\rangle\}$
$A_p = \{\sigma \in \mathcal{A} \mid \exists t \in T_p, \sigma = l(t)\}$

The definition above suggests a way of generating $Net(p)$ with an algorithm in least-fixpoint style.
Start by $dec(p)$ and then apply the rules in Table 4 in order to produce the set of transitions (labeled on
$\mathcal{A}$) executable from $dec(p)$ in one step. This will also produce possible new places to be added to the
current set of places. Then repeat until no new places are added and no new transitions are derivable;
hence, this algorithm ends only for finite nets.

The following facts are obvious by construction: 

Proposition 12 For any $p \in \mathcal{P}$:

• $Net(p)$ is a reduced (see Definition 6) P/T net.

• $Net(p) \sim N_{MCCS}(dec(p))$.

4.3 Case Studies 

Example 5 (Semi-counter) A semi-counter process, i.e., a counter that cannot test for zero, can be
described by the infinite-state process $A \stackrel{def}{=} up.(down.0 \,|\, A)$. Observe that $dec(A) = \{up.(down.0 \,|\, A)\}$.
The only enabled transition is $dec(A) \xrightarrow{up} down.0 \oplus up.(down.0 \,|\, A)$. Then, also transition $down.0 \xrightarrow{down} \emptyset$
is derivable. The finite P/T net $Net(A)$ is reported in Figure 1.



Example 6 (Counter with test for zero) As an example of a CCS process that cannot be modeled by a 
finite P/T net, consider the following specification of a (real) counter, as given in [23].
Figure 1: The P/T system for a semi-counter.

Figure 2: The initial fragment of the P/T system for counter C.
$C \stackrel{def}{=} zero.C + up.((\nu a)(C_1 \,|\, a.C))$
$C_1 \stackrel{def}{=} down.\bar{a}.0 + up.((\nu b)(C_2 \,|\, b.C_1))$
$C_2 \stackrel{def}{=} down.\bar{b}.0 + up.((\nu a)(C_1 \,|\, a.C_2))$

An initial fragment of the infinite P/T net $Net(C)$ is reported$^2$ in Figure 2, where successive unfoldings
are due to syntactic substitutions applied to constants that generate new places. Note also the peculiar
way substitution is applied to restricted terms.

Example 7 (Dining Philosophers) Consider the system $DF$ of Example 3. The marking $dec(DF)$ is
composed of the four places$^3$ $s_1 = phil_0$, $s_2 = phil_1$, $s_3 = fork_0$ and $s_4 = fork_1$. Initially, the two
philosophers can think on their own:

$s_1 \xrightarrow{think} s_1$ and $s_2 \xrightarrow{think} s_2$

or can compete for the acquisition of the two forks:

$s_1 \oplus s_3 \oplus s_4 \xrightarrow{\tau} s_1' \oplus s_3' \oplus s_4'$ and
$s_2 \oplus s_3 \oplus s_4 \xrightarrow{\tau} s_2' \oplus s_3' \oplus s_4'$

where $s_1' = phil_0'$, $s_2' = phil_1'$, $s_3' = \overline{down}_0.fork_0$, $s_4' = \overline{down}_1.fork_1$
with, for $i = 0, 1$, $phil_i' = eat.\underline{down_i}.down_{i+1 (mod\ 2)}.phil_i$. Now two further alternative transitions are
derivable, namely:

$s_1' \xrightarrow{eat} s_1''$ and $s_2' \xrightarrow{eat} s_2''$

where $s_1'' = phil_0''$, $s_2'' = phil_1''$, with, for $i = 0, 1$, $phil_i'' = \underline{down_i}.down_{i+1 (mod\ 2)}.phil_i$. Finally,

$s_1'' \oplus s_3' \oplus s_4' \xrightarrow{\tau} s_1 \oplus s_3 \oplus s_4$ and
$s_2'' \oplus s_3' \oplus s_4' \xrightarrow{\tau} s_2 \oplus s_3 \oplus s_4$

and we are back to the initial marking $dec(DF)$. The resulting $Net(DF)$ is reported in Figure 3(a). Note
that the two philosophers can never eat at the same time, i.e., in no reachable marking $m$ we have that
$m(s_1') = 1 = m(s_2')$.
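The firing rule of Definition 5 and the marking graph of Definition 7, run over the net of Example 7 to check the mutual-exclusion claim mechanically. This is an added example, not code from the paper: the place names `s1 ... s2''` follow Example 7, the `tau` labels on the fork transitions are an assumption, and the `NAIVE` net (left fork first, then right fork, no atomicity) is constructed here for contrast with the deadlock described in Example 3.

```python
from collections import Counter, deque

def ms(*places):
    """Finite multiset of places; ms('s3', 's3') is the marking 2*s3."""
    return Counter(places)

def enabled(m, t):
    """m[t> holds iff the preset of t is a sub-multiset of m (Definition 5)."""
    pre, _label, _post = t
    return all(m[s] >= k for s, k in pre.items())

def fire(m, t):
    """(m minus preset) plus postset; Counter '-' is the limited difference."""
    pre, _label, post = t
    return (m - pre) + post

def key(m):
    """Hashable canonical form of a marking."""
    return tuple(sorted(m.items()))

def marking_graph(m0, transitions, limit=10_000):
    """Interleaving marking graph as {marking: [(label, successor), ...]}.

    Unsafe nets can have infinitely many reachable markings, so the
    exploration raises once `limit` markings have been visited.
    """
    graph, todo = {}, deque([m0])
    while todo:
        m = todo.popleft()
        if key(m) in graph:
            continue
        if len(graph) >= limit:
            raise RuntimeError("more than %d reachable markings" % limit)
        succ = [(t[1], fire(m, t)) for t in transitions if enabled(m, t)]
        graph[key(m)] = [(label, key(n)) for label, n in succ]
        todo.extend(n for _label, n in succ)
    return graph

def deadlocks(graph):
    """Reachable markings in which no transition is enabled."""
    return [m for m, succ in graph.items() if not succ]

def is_safe(graph):
    """At most one token per place in every reachable marking."""
    return all(k <= 1 for m in graph for _place, k in m)

def jointly_marked(graph, a, b):
    """True if some reachable marking holds a token in both a and b."""
    return any(dict(m).get(a, 0) and dict(m).get(b, 0) for m in graph)

def is_reduced(graph, transitions, places):
    """Definition 6: every place gets marked, every transition gets enabled."""
    marked = {s for m in graph for s, _k in m}
    live = all(t[0] and any(enabled(Counter(dict(m)), t) for m in graph)
               for t in transitions)
    return marked == set(places) and live

# Net(DF) as listed in Example 7 (labels 'tau' are an assumption).
DF_PLACES = ["s1", "s2", "s3", "s4", "s1'", "s2'", "s3'", "s4'", "s1''", "s2''"]
DF_M0 = ms("s1", "s2", "s3", "s4")
DF_T = [
    (ms("s1"), "think", ms("s1")),
    (ms("s2"), "think", ms("s2")),
    (ms("s1", "s3", "s4"), "tau", ms("s1'", "s3'", "s4'")),
    (ms("s2", "s3", "s4"), "tau", ms("s2'", "s3'", "s4'")),
    (ms("s1'"), "eat", ms("s1''")),
    (ms("s2'"), "eat", ms("s2''")),
    (ms("s1''", "s3'", "s4'"), "tau", ms("s1", "s3", "s4")),
    (ms("s2''", "s3'", "s4'"), "tau", ms("s2", "s3", "s4")),
]

# Constructed contrast: forks taken one at a time (p = thinking, h = holds
# the left fork, e = holds both forks, f = free fork).
NAIVE_M0 = ms("p0", "p1", "f0", "f1")
NAIVE_T = [
    (ms("p0", "f0"), "tau", ms("h0")),
    (ms("h0", "f1"), "tau", ms("e0")),
    (ms("e0"), "eat", ms("p0", "f0", "f1")),
    (ms("p1", "f1"), "tau", ms("h1")),
    (ms("h1", "f0"), "tau", ms("e1")),
    (ms("e1"), "eat", ms("p1", "f0", "f1")),
]

if __name__ == "__main__":
    g = marking_graph(DF_M0, DF_T)
    print("DF markings:", len(g), "deadlocks:", deadlocks(g))
    print("both eating reachable:", jointly_marked(g, "s1'", "s2'"))
    print("naive deadlocks:", deadlocks(marking_graph(NAIVE_M0, NAIVE_T)))
```

The same `marking_graph` call on an unsafe net such as the semi-counter of Example 5 never finishes exploring, which is what the `limit` guard is for.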

Example 8 (Concurrent readers and writers) Let us consider $Sys$ of Example 4. The multiset $dec(Sys)$
isArd © 3lk © Iwr ©(W) © (vu), where rd = I. read. u.R, Ik = l.u.L and wr = 1.1.1. write. u.u.u.W. One 
of the two possible initial transitions is $wr \oplus 3lk \xrightarrow{\tau} wr' \oplus 3lk'$, where $wr' = write.u.u.u.W$ and $lk' = \bar{u}.L$.
After such a transition, no reader can read, as all the locks are busy. The other possible initial transition
is $rd \oplus lk \xrightarrow{\tau} rd' \oplus lk'$, where $rd' = read.u.R$. The resulting P/T net $Net(Sys)$ is depicted in Figure 3(b).



5 Properties of the net semantics 

In this section, we present some results about the net semantics we have defined. First we give a
soundness result, namely that the interleaving marking graph associated to $Net(p)$ for any Multi-CCS term
$p$ is bisimilar to its transition system. Then we discuss finiteness conditions on the net semantics. In
particular, we single out a subclass of Multi-CCS processes whose semantics always generates finite P/T
nets. This subclass, we call finite-net processes, is rather rich, as the parallel operator is allowed to occur
inside the body of recursively defined constants. Hence, finite-net processes may be infinite-state
processes (i.e., the associated labeled transition system may contain infinitely many states), as illustrated in
Example 5.

$^2$ For brevity, we associate to a place the name of a constant instead of its definition, e.g. place $C$ should be called $zero.C +
up.((\nu a)(C_1 \,|\, a.C))$.

$^3$ Again, for brevity, we associate to a place the name of a constant instead of its definition, e.g. $s_1 = phil_0$ while it should
be $s_1 = think.phil_0 + \underline{up_0}.up_1.eat.\underline{dn_0}.dn_1.phil_0$.
Figure 3: (a) The net for two dining philosophers, (b) The net for concurrent readers/writers.



5.1 Soundness 

Proposition 13 For any process $p \in \mathcal{P}$, if $p \xrightarrow{\sigma} p'$ then there exists $t \in T_p$ such that $dec(p)[t\rangle K$ with
$l(t) = \sigma$ and $K \sim dec(p')$.

Proof: By induction on the proof of $p \xrightarrow{\sigma} p'$. □
Proposition 14 For any process $p \in \mathcal{P}$, if there exists $t \in T_p$ such that $dec(p)[t\rangle K$ with $l(t) = \sigma$, then
there exists $p'$ such that $p \xrightarrow{\sigma} p'$ and $K = dec(p')$.

Proof: By induction on (the definition of) $dec(p)$ and then by induction on the proof of $t$. □

Theorem 15 For any process $p \in \mathcal{P}$, $p \sim dec(p)$.

Proof: Relation $R = \{(p, dec(q)) \mid p, q \in \mathcal{P}, dec(p) \sim dec(q)\}$ is a bisimulation, due to Proposition
13 (together with Proposition^^ and Proposition^^ □



5.2 Finiteness 

The net semantics often generates finite nets. However, the generation of an infinite system may be due
to one of the following three facts. First, the decomposition rule for restriction requires the generation of
a fresh name; hence, if this operator lies inside a recursive definition, an infinite set of fresh names (i.e.,
of places) may be required. Second, we have to impose a finite bound to the number of constants that can
be used in a process definition. E.g., process $b.A_0$, with the family of process constants $A_i \stackrel{def}{=} a_i.A_{i+1}$ for
$i \in \mathbb{N}$, is not allowed. Third, as the synchronization relation is too generous (it may produce infinitely
many transitions even for a net with finitely many places, as the following example shows), we have
to impose a restriction over $Sync$, that disables transactional communication but allows for multi-party
synchronization.

Example 9 Consider $B \stackrel{def}{=} \underline{a}.\bar{a}.(B \,|\, B)$. $Net(B)$ has just one place $p = \underline{a}.\bar{a}.(B \,|\, B)$, but infinitely many
transitions! The only possible initial net transition is $p \xrightarrow{a\bar{a}} 2p$. Now transition $2p \to 4p$ is possible, and
then $4p \to 8p$, and so on ad infinitum.
Definition 16 The finite-net Multi-CCS processes are the processes generated by the following syntax

$s ::= 0 \mid \mu.t \mid \underline{\mu}.t \mid s + s$
$t ::= s \mid t \,|\, t \mid C$
$p ::= t \mid (\nu a)p \mid p \,|\, p$

where a constant $C$ has associated a term of type $t$, i.e., $C \stackrel{def}{=} t$ and the number of constants involved in
any process definition is always finite.

The semantics of finite-net Multi-CCS is the same as provided for Multi-CCS in Tables 1 and 2,
with the following additional constraint on rule (Com): $Sync(\sigma_1, \sigma_2, \sigma)$ is applicable only if $|\sigma_1| = 1$ or
$|\sigma_2| = 1$. □
Theorem 17 Let $p$ be a finite-net process. Then the subnet $Net(p)$ associated to $p$ is finite. □
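The synchronization relation of Table 2 computed as a function, applied to the sequences of Example 1 and Example 9, with and without the side condition of Definition 16. This is an added example, not code from the paper: it assumes the reading of Table 2 in which a synchronized pair and a leading $\tau$ contribute nothing to the resulting sequence, spells the co-name of `a` as `a~`, and the function names are hypothetical.

```python
from functools import lru_cache

TAU = "tau"

def co(a):
    """Complement of a visible action: 'a' <-> 'a~' (spelling chosen here)."""
    return a[:-1] if a.endswith("~") else a + "~"

@lru_cache(maxsize=None)
def sync(s1, s2):
    """All sigma with Sync(s1, s2, sigma); s1, s2 are tuples of actions."""
    if not s1 or not s2:
        return frozenset()          # no rule has an empty sequence as argument
    a, r1 = s1[0], s1[1:]
    b, r2 = s2[0], s2[1:]
    out = set()
    if a != TAU and b == co(a):     # the two heads are complementary
        if not r1 and not r2:
            out.add((TAU,))         # Sync(alpha, co-alpha, tau)
        elif not r2:
            out.add(r1)             # Sync(alpha.sigma, co-alpha, sigma)
        elif not r1:
            out.add(r2)             # Sync(alpha, co-alpha.sigma, sigma)
        out |= sync(r1, r2)         # Sync(alpha.s1, co-alpha.s2, sigma)
    # The head of s1 moves on its own: a visible action is kept in the
    # result, a tau is absorbed.
    rest = sync(r1, s2)
    out |= rest if a == TAU else {(a,) + s for s in rest}
    # Symmetric case for the head of s2.
    rest = sync(s1, r2)
    out |= rest if b == TAU else {(b,) + s for s in rest}
    return frozenset(out)

def sync_finite_net(s1, s2):
    """Sync with the constraint of Definition 16: |s1| = 1 or |s2| = 1."""
    return sync(s1, s2) if len(s1) == 1 or len(s2) == 1 else frozenset()

def multi_sync(*seqs, rule=sync):
    """Labels obtained by composing seqs left to right, as in ((p|q)|r)."""
    labels = {seqs[0]}
    for s in seqs[1:]:
        labels = {l for done in labels for l in rule(done, s)}
    return labels

def passes_restriction(label, a):
    """Side condition of rule (Res): neither a nor its co-name occurs."""
    return a not in label and co(a) not in label

if __name__ == "__main__":
    p, q = ("a", "a"), ("a~",)      # Example 1: p = _a_.a.p', q = r = a~.(...)
    print("p|q      :", sorted(sync(p, q)))
    print("(p|q)|r  :", sorted(multi_sync(p, q, q)))
    b = ("a", "a~")                 # Example 9: B = _a_.a~.(B|B)
    print("2p -> 4p :", sorted(multi_sync(b, b)))
    print("finite-net:", sorted(multi_sync(b, b, rule=sync_finite_net)))
```

The two labels returned for `p|q` correspond to the two ways of proving the transition of Example 1, and the empty result under `sync_finite_net` is what removes the transitions $2p \to 4p$, $4p \to 8p$, ... of Example 9.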



6 A process term for any finite P/T net 

Now the converse problem: given a finite P/T system N(mo), can we single out a finite-net process ^(m ) 
such that Cl(p N ( ma )) and N(mo) are isomorphic? The answer is positive, hence providing a language for 
finite P/T Petri nets. 

The translation from nets to processes we present takes a restricted name $y_i$ for any place $s_i$; this
is used to distinguish syntactically all the places, so that no fusion is possible when applying the reduced
net reverse translation. Moreover, it considers a restricted name $x_j$ for each transition $t_j$, that is used
to synchronize all the components that participate in $t_j$. The constant $C_i$ associated to a place $s_i$ has a
summand for each transition which $s_i$ is in the preset of. Among the many places in the preset of $t_j$, the
one connected with an arc of minimal weight (and if more than one is so, then the one with minimal
index) plays the role of leader of the multiparty synchronization (i.e., the process performing the atomic
sequence of inputs $x_j$ to be synchronized with single outputs $\overline{x}_j$ performed by the other participants).
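Definition 18 Let $N(m_0) = (S, A, T, m_0)$, with $S = \{s_1, \ldots, s_n\}$ and $T = \{t_1, \ldots, t_v\}$. Function
$INet(N(m_0))$ from finite P/T systems to finite-net processes is defined as (for fresh $x_i$ and $y_j$)

$$INet(N(m_0)) = (\nu x_1 \ldots x_v)(\nu y_1 \ldots y_n)(\underbrace{C_1 \mid \cdots \mid C_1}_{m_0(s_1)} \mid \cdots \mid \underbrace{C_n \mid \cdots \mid C_n}_{m_0(s_n)})$$

where each $C_i$ has a defining equation

$$C_i \stackrel{def}{=} c_i^1 + \cdots + c_i^{p_i} + y_i.0$$

where $p_i$ is the size of $s_i^\bullet = \{t_{i_1}, \ldots, t_{i_{p_i}}\} \subseteq T$ such that $s_i \in dom({}^\bullet t)$ for each
$t \in s_i^\bullet$. Let $d_{i_j} = \sum_k {}^\bullet t_{i_j}(s_k) - 1$ and $a_{i_j} = l(t_{i_j})$. Then, each $c_i^j$ is equal to

• $a_{i_j}.\Pi_{i_j}$ if $d_{i_j} = 0$ (no synchronization as ${}^\bullet t_{i_j} = s_i$);

• $\overline{x}_{i_j}.0$ if the previous condition does not hold, and ${}^\bullet t_{i_j}(s_i) > {}^\bullet t_{i_j}(s_{i'})$ for some $i'$ or
${}^\bullet t_{i_j}(s_i) = {}^\bullet t_{i_j}(s_{i'})$ for some $i' < i$ (i.e., $s_i$ is not the leader for the synchronization on $t_{i_j}$);

• $\underline{x_{i_j}}. \cdots .\underline{x_{i_j}}.a_{i_j}.\Pi_{i_j}$ if the previous conditions do not hold (i.e., $s_i$ is the leader), and
${}^\bullet t_{i_j}(s_i) = 1$; if $a_{i_j} = \tau$, $c_i^j$ is simplified to $\underline{x_{i_j}}. \cdots .\underline{x_{i_j}}.x_{i_j}.\Pi_{i_j}$;

• $\overline{x}_{i_j}.0 + \underline{x_{i_j}}. \cdots .\underline{x_{i_j}}.a_{i_j}.\Pi_{i_j}$ otherwise (i.e., $s_i$ is the leader and the arc has weight > 1).

Finally, each $\Pi_{i_j}$ is defined as $\Pi_{i_j} = C_1 \mid \cdots \mid C_1 \mid \cdots \mid C_n \mid \cdots \mid C_n$.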
Remark: (CCS nets) Let us call CCS nets the class of P/T nets where transitions have only one input
arc (with weight 1) or two input arcs (with weight 1) but labelled by $\tau$. It is not difficult to see that, given
a CCS net $N(m_0)$, the resulting process term $INet(N(m_0))$ is a finite-net CCS term (i.e., a term without
strong prefixing).

Example 10 Consider the net $N$ depicted in Figure (a), where we assume that $l(t_1) = l(t_2) = think$,
$l(t_3) = l(t_4) = \tau$ and $l(t_5) = l(t_6) = eat$. Clearly, it is a different solution to the dining philosophers
problem, where forks (places $s_3$ and $s_4$) are resources that are consumed and then regenerated. Applying the
translation above, we obtain the finite-net process
$INet(N(m_0)) = (\nu x_1 \ldots x_6)(\nu y_1 \ldots y_6)(C_1 \mid C_2 \mid C_3 \mid C_4)$ where

$$\begin{array}{ll}
C_1 \stackrel{def}{=} think.C_1 + \underline{x_3}.x_3.C_5 + y_1.0 & C_2 \stackrel{def}{=} think.C_2 + \underline{x_4}.x_4.C_6 + y_2.0 \\
C_3 \stackrel{def}{=} \overline{x}_3.0 + \overline{x}_4.0 + y_3.0 & C_4 \stackrel{def}{=} \overline{x}_3.0 + \overline{x}_4.0 + y_4.0 \\
C_5 \stackrel{def}{=} eat.(C_1 \mid C_3 \mid C_4) + y_5.0 & C_6 \stackrel{def}{=} eat.(C_2 \mid C_3 \mid C_4)
\end{array}$$

Note that $C_3$ and $C_4$ differ for the last summand only. If the restricted names $y_3$ and $y_4$ were omitted,
$Net(INet(N(m_0)))$ would be a different net where places $s_3$ and $s_4$ are fused in a new place with two
tokens.

$INet(N(m_0))$ generates an infinite-state labeled transition system, because of the nesting of the parallel
operator inside recursively defined constants. However, its behavior is actually finite: indeed, it generates
a finite safe P/T net, hence with a finite interleaving marking graph, which is bisimilar to its
infinite-state labeled transition system.

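Example 11 Consider the net $N(m_0)$ of Figure (b). Applying the translation above, we obtain the finite-net
process $INet(N(m_0)) = (\nu x_1 x_2 x_3)(\nu y_1 y_2 y_3)(C_1 \mid C_1 \mid C_1 \mid C_2 \mid C_2)$ where

$$\begin{array}{l}
C_1 \stackrel{def}{=} \overline{x}_1.0 + \underline{x_1}.a.C_1 + \overline{x}_2.0 + \underline{x_3}.\underline{x_3}.c.C_3 + y_1.0 \\
C_2 \stackrel{def}{=} \underline{x_2}.\underline{x_2}.b.0 + \overline{x}_3.0 + y_2.0 \qquad C_3 \stackrel{def}{=} y_3.0
\end{array}$$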
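The translation of Definition 18 as an added Python sketch (not code from the paper), run on Example 11. The net is constructed by reading it off the terms of Example 11, since the figure is not on this page. Two points are assumptions inferred from Examples 10 and 11: the leader performs d strong inputs (d - 1 followed by a plain input in the simplified τ case), and Π holds one constant per token of the transition's postset.

```python
# Added sketch of Definition 18 (INet); not code from the paper.
# Notation (assumed ASCII stand-ins): "_x3." is a strong prefix, "~x3" an output.
# A transition is (label, pre, post); pre/post map place index -> arc weight.

def par(marking):
    """Parallel composition holding marking[i] copies of C_i ("0" if empty)."""
    parts = [f"C{i}" for i in sorted(marking) for _ in range(marking[i])]
    return " | ".join(parts) if parts else "0"

def summand(i, j, label, pre, post):
    """Summand of C_i contributed by transition t_j, with s_i in its preset."""
    d = sum(pre.values()) - 1                 # tokens consumed, minus one
    cont = par(post)                          # Pi: one C_k per produced token (assumed)
    if "|" in cont:
        cont = f"({cont})"
    if d == 0:                                # preset is exactly s_i: plain prefix
        return f"{label}.{cont}"
    leader = min(pre, key=lambda k: (pre[k], k))   # minimal weight, then index
    if i != leader:
        return f"~x{j}.0"
    if label == "tau" and pre[i] == 1:        # simplified tau case
        return f"_x{j}." * (d - 1) + f"x{j}.{cont}"
    seq = f"_x{j}." * d + f"{label}.{cont}"   # d strong inputs (count assumed)
    return seq if pre[i] == 1 else f"~x{j}.0 + {seq}"

def inet(n_places, transitions, m0):
    """Return ({i: body of C_i}, initial term) for a finite P/T system."""
    eqs = {}
    for i in range(1, n_places + 1):
        terms = [summand(i, j, *t)
                 for j, t in enumerate(transitions, 1) if i in t[1]]
        eqs[i] = " + ".join(terms + [f"y{i}.0"])
    xs = " ".join(f"x{j}" for j in range(1, len(transitions) + 1))
    ys = " ".join(f"y{i}" for i in range(1, n_places + 1))
    return eqs, f"(nu {xs})(nu {ys})({par(m0)})"

# Constructed input: the net read off the terms of Example 11.
EX11 = [("a", {1: 2}, {1: 1}),
        ("b", {1: 2, 2: 1}, {}),
        ("c", {1: 1, 2: 2}, {3: 1})]
EX11_M0 = {1: 3, 2: 2}

if __name__ == "__main__":
    eqs, term = inet(3, EX11, EX11_M0)
    print(term)
    for i, body in eqs.items():
        print(f"C{i} = {body}")
```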

Theorem 19 Let $N(m_0)$ be a finite reduced system. Then, $Net(INet(N(m_0)))$ is isomorphic to $N(m_0)$. □

Corollary 20 Let $N(m_0)$ be a finite reduced CCS net. Then, $INet(N(m_0))$ is a CCS process term and
$Net(INet(N(m_0)))$ is isomorphic to $N(m_0)$. □
7 Conclusion

The class of finite-net Multi-CCS processes represents a language for describing finite P/T nets. This
is not the only language expressing P/T nets: the first (and only other) one is Mayr's PRS [13], which
however is rather far from a typical process algebra as its basic building blocks are rewrite rules (instead
of actions) and, for instance, it does not contain any scope operator like restriction or hiding. We think
the language we have identified can be used in order to cross-fertilize the areas of process calculi and
Petri nets. In one direction, it opens, e.g., the problem of finding axiomatizations of Petri net behaviours.
For instance, net isomorphism induces a lot of equations over Multi-CCS terms. Just to mention a few,
parallel composition is associative, commutative with 0 as neutral element, terms that differ only for
alpha-conversion of bound names are identified, the sum operator is associative, commutative and, if
the sequential term p is not 0, then also p + 0 = p and p + p = p hold. Even if the problem of finding a
complete set of axioms characterizing net isomorphism is probably out of reach, nonetheless, the axioms
we have identified are interesting as they include those forming the structural congruence for CCS [20],
hence validating their use. In the other direction, Petri net theory can offer a lot of support to process
algebra. Some useful properties are decidable for finite P/T nets (e.g., reachability, liveness, coverability
- see e.g., [22] - model-checking of linear time μ-calculus formulae [7]) and so also the (infinite-state
systems of) finite-net Multi-CCS processes can be checked against these properties. Moreover, P/T nets
are equipped with non-interleaving semantics, where parallel composition is not reduced to sum and
prefixing, and these semantics can be used fruitfully to check causality-based properties, useful, e.g., in
error recovery.

As a final remark, we want to stress that our net semantics is the first one based on unsafe labeled P/T
nets for a rich process algebra including CCS as a subcalculus. Indeed, our net semantics improves over
previous work. Goltz's results [8, 9] are limited to CCS without restriction; we define our net semantics
in a different style (operational) and additionally we cope with restriction and strong prefixing. Degano,
De Nicola, Montanari and Olderog's approach [21] is somehow complementary in style, as it builds
directly over the SOS semantics of CCS. Their construction generates safe P/T nets which are finite
only for regular CCS processes (i.e., processes where restriction and parallel composition cannot occur
inside recursion). Moreover, this approach has never been applied to a process algebra whose labeled
operational semantics is defined modulo a structural congruence. Similar concerns are for PBC,
whose semantics is given in terms of safe P/T nets. Nonetheless, PBC can express "programmable"
multiway synchronization by means of its relabeling operators (somehow similar to Multi-CCS), and so,
in principle, if equipped with an unsafe semantics it might also serve as a language expressing general
P/T nets. On the contrary, we conjecture that it is not possible to obtain a representation theorem such as
Theorem 19 based on CSP [14].

Our work is somehow indebted to the earlier work of Busi & Gorrieri on giving labeled net
semantics to π-calculus in terms of P/T nets with inhibitor arcs; our solution simplifies this approach for
CCS and Multi-CCS because we do not need inhibitors. In particular, already in that paper it is observed
that finite-net π-calculus processes originate finite P/T net systems (with inhibitor arcs). Similar
observations on the interplay between parallel composition and restriction in recursive definitions, in
different contexts, have been made also by others, e.g., [1]. Also important is the work of Meyer [16, 17]
in providing an unlabeled P/T net semantics for a fragment of π-calculus; the main difference is that his
semantics may offer a finite net representation also for some processes where restriction occurs inside
recursion, but the price to pay is that the resulting net semantics may be not correct from a causality point
of view. We conjecture that his technique is not applicable to Multi-CCS.

Future work will be devoted to defining compositional (denotational in style) unsafe net semantics for
Multi-CCS, generalizing work of Goltz [8] and Taubner [23].